In talking about a "Post Platform Digital Future", it is all about a Vision, or better: mission to not let the current platform dominance grow any further and create the foundations for a pluralistic digital society & business world where size would not be the only thing that matters. To get there, we need open Standards, Protocols and Alliances that help individuals, as well as businesses of any size, to participate in a digital future inside the metaverse and beyond - just like trade unions helped the working class during the industrial revolution to fight for their rights. In this panel session, we will discuss the enablers of such a different approach and the requirements to actually be successful.
Widely used cloud security standards define general security measures/controls for securing clouds while not differentiating between the many, well-known implementations that differ with respect to the Service and/or Deployment Model they implement. Users are thus lacking guidance for decision-making and for preparing to ensure end-to-end security. By adding only two requirements, cloud security standards can really cover and consider virtually all possible Service Models and Deployment Models. As a result of this, they support differentiating between offerings and improve the support for user organizations, for which the standards are also built.
The Internet had been created without an identity layer, leaving it to websites and applications to take care of authentication, authorization, privacy and access. We all know the consequences - username and password still being the dominant paradigm and, even more important, users not having control over information that personally identifies them. The risk of data misuse, of being hacked or manipulated has become a significant challenge and requires a new approach in times of an emerging web3 and its core capability of transferring value. Is decentralized, DLT based Identity the solution that finally will enable DeFi, NFTs and DAOs? Join this awesome keynote panel to controversially discuss this topic.
Only a few years ago the identity ecosystem seemed to be ‘set’ with little chance for change or dislocation of the large federated identity providers. Today the entire identity technology ecosystem is in flux. What will emerge? OIDC? OIDC/SIOP? DIDComm? Join us for a discussion on the changing protocol landscape, the shifting identity power centers and why it is a both/and and not either/or.
Trust is not just technical, and it’s not just derived from a process or an organisation. The need for Trust is also variable based on the risk involved in a transaction or the risk appetite of the service provider. Sometimes trust is almost irrelevant. Digital doesn’t make things any easier as we often have multiple parties involved in the communication of trust from issuer to holder of credentials, and on to a relying service not to mention requirements for onboarding, verification, issuance, and authentication to name but a few along the way.
Emerging standards and relentless innovation make many things better, but they also introduce challenges when we want multiple systems to work together and for trust to be largely independent of the underlying technical stacks.
To make Trust work in diverse ecosystems we need clear rules of engagement that champion the needs of all participants and clearly define their responsibilities to one another, and to the wider legal and business ecosystems they ultimately interact with. Efforts in multiple jurisdictions in both the public and private sector are developing these rule sets right now – this is what we can learn from the rise of the Trust Framework.
Data Protection is a very basic and profound concept of translating privacy as a human right into the digital sphere. But is it enough? And are our current approaches the right ones? In this panel we will try to find answers on how we can translate privacy into the (metaverse) future.
"The Right to be Forgotten" presents a conundrum to builders of blockchain solutions, because the focus of most blockchains is to create an indelible, permanent record. This makes "The Right to be Forgotten" appear irreconcilable with blockchains. I will present a solution to "The Right to be Forgotten" that can be applied to most every blockchain, subject to governance approval by the stakeholders. The solution does not violate the integrity of the blockchain record.
Recent years have seen significant Artificial Intelligence (AI) development across all domains of business and society. This panel aims to bring attention to societal impacts of AI – benefits and challenges, by bringing thought leaders and practitioners from different parts of the world to leverage diverse viewpoints around AI governance that continue to drive AI development across borders.
You've probably heard about Cyber Resilience, but what are the differences between the two terms in the context of cybersecurity? Is Cyber Resistance the same or not? During this presentation, we will examine the differences between Cyber Resistance and Cyber Resilience and how we can apply both concepts to our current technology landscape, as well as how we can identify the High-Value Target (HVT) in our organization.
Long theorized as the solution to the verification problem on the internet, decentralized identity has now achieved lift-off in the marketplace. In this workshop, we’ll explain who’s interested, why, and what we learned building a series of solutions for global enterprises in the finance, health, and travel sectors. We’ll explain how we implement decentralized identity through the concept of a Trusted Data Ecosystem, and what the near future looks like for businesses who adopt this technology now, including the critical importance of verifiable digital identity to decentralized finance, the metaverse, and to the interaction of digital objects and non-digital objects in the spatial web—the “Internet of Everything.”
Ethical Hacker Joseph Carson will demonstrate a real-world use case of how a cyber adversary gains an initial foothold in your network through compromised credentials and then elevates control and moves laterally to identify and exfiltrate your critical data. He will share insights into how the mind of a criminal hacker operates based on his experiences and steps you can take to stop them in their tracks.
Staying up to date and learning hacking techniques is one of the best ways to know how to defend your organization from cyber threats. Hacking gamification is on the rise to help keep security professionals up to date on the latest exploits and vulnerabilities. This session is about helping you get started with hacking gamification to strengthen your security team.
In this session, Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, will select two systems from Hack the Box and walk through each of them in detail, explaining each step along with recommendations on how to reduce the risks, going from initial enumeration, exploitation and abusing weak credentials to a full privileged compromise.
What will I learn?
Get answers to these important questions:
Today, seamless access experiences are crafted based on identity fundamentals such as single sign-on, multi-factor authentication, passwordless authentication, self-service portals, and federated access. But, is this enough for the next epoch of digital applications, metaverse, and Web 3.0?
The digital world is a replication of the physical world in a digital ecosystem. As a result, people and things have an equal digital representation, which we call a digital double.
In this keynote, Asanka will look at creating a seamless access experience around the digital double using APIs, integration, and identity in order to prepare organizations to address the next digital era.
Security vs experience. Platform vs best of breed. Fast vs thorough. The identity technology world forces us to make trade-offs. These difficult decisions are an endless exercise in technical and logistical nuances like developer and IT resources, product licenses, integrations, and deployment methods.
Get ready! We are entering an era where IAM professionals can rise above those tradeoffs, and rapidly evolve from technical experts to experience artists by using solutions that customize, code, and integrate for you. This means humans can focus on what humans do best: creating amazing experiences, differentiating from competitors, reacting to market trends, leveraging innovations like decentralized identity and partnering with business owners to anticipate and exceed user expectations.
We are in the midst of one of the most significant revolutions in the cloud and identity ecosystem since the last decade. With the dynamic transformation from Web2.0 to Web3.0, both the cloud as well as the identity ecosystem brace themselves for a change in the way we perceived security. Blockchain is revolutionizing both the cloud industry as well as the financial sectors. In my talk, I will focus on the transformative impact of blockchain protocols like Filecoin and Storj which are playing a significant role in changing the way we have perceived cloud storage. Decentralized Cloud Storage will be the future for sustainable data storage in Web 3.0, in which we will move from a single service provider to create an ecosystem where anybody could be a cloud storage provider. Highly successful blockchain projects like Filecoin have been able to create such an ecosystem. But we are far away from attaining the level of scale needed to reach out to every corner of the globe. Decentralized Cloud Storage poses a different set of security challenges and scalability issues. I will be presenting my research work which focuses on the new advances in tackling future security threats for decentralized cloud storage. Additionally, I will focus on discussing how to overcome scalability issues in the blockchain using the most advanced cryptographic tools known as zk-SNARKs.
Currently, lots of topics are fast-moving in crypto. There is still a gap to be closed between non-crypto businesses and the application of blockchain technology. It is PolyCrypt's vision to realize the true power of decentralization – bringing privacy, speed, scalability and user freedom to the masses – as a frontier of innovation we passionately strive for excellence with no compromise on quality.
Identity & Access Management is a key requirement from banking regulations.
At Creditplus, a new IAM solution was implemented recently. Drivers for IAM as well as the overall design of the new solutions are presented in this talk.
IGA vendors often point to ABAC vendors when asked how authorization should actually be enforced and ABAC vendors point in the direction of IGA vendors when asked where all that context information is coming from. The talk will shed some light on how the grey area between IGA and cloud native authorization systems like Styra DAS / Open Policy Agent can be bridged. The focus will be on inhouse applications not on commercial off the shelf software as bolting a foreign authorization system onto existing software brings little benefit. We will share where different concerns like auditability, scalability and user experience for engineers and end users can be solved.
Zalando has 4000+ inhouse applications and 280+ engineering teams so we will also talk about organizational scalability by using 100% automation and self service.
Consumer identity is still a hot topic in IAM in general. CIAM has experienced a great deal of technological innovation in the last five years, and much of the innovation in CIAM has found its way into B2B and B2E IAM solutions through the "consumerization of IT". KuppingerCole is updating research on CIAM, and in this session we'll consider what we have learned thus far, including trends in authenticator availability and usage, consent and privacy management features, regulatory compliance developments, the integration of consumers' device identities, the challenges of account recovery and linking, and the rising need for identity proofing services.
A practical approach to cyber security architectures: In a hybrid ecosystem we have not only to find a suitable security model for IT but also for OT like in production environments. And after all cloud services are adding another dimension of complexity. We will take a short look at the security basics, compare some outdated, updated and up-to-date security models finding suitable models for IT-security, OT-security and cloud-security. Finally we will put it all together in combined scenarios. This presentation will focus on practical security architecture rather than on formal compliance.
* IT-security, OT-security, cloud-security
* Cyber security: from basics, perimeter, air gap to zero trust
* Hybrid world: isolation or integration
* Tops and flops in practical cyber security
This presentation will explore adding deception as a component of a security-in-depth strategy to increase cyber resilience (in case the garlic, crosses, and wooden stakes are not effective). We will discuss whether you should invite attackers into your network. Much like with vampires, inviting attackers in can have serious repercussions. However, unlike vampires, cyber attackers do not need an invitation. Fortunately, deception within our networks can aid in identifying, delaying, and evicting unwanted guests, including insider threats (or vampires already amongst us). We will explore several deception use cases that can dramatically increase cyber resilience without attracting more attackers.
Mergers and acquisitions amongst large, globally-distributed organizations are notoriously complex, error-prone, and resource consuming. But did you know that merging smaller organizations comes with its own set of unique issues and risks? One year ago, Okta announced its acquisition of Auth0. Since then, the combined forces of their internal business systems teams have been working hard to bring the identity and compliance capabilities of the organizations together. The union of these two companies introduced some novel challenges, even for veteran practitioners with experience in IAM mergers at much larger organizations. In this talk Jon Lehtinen will take you on a guided tour of the Okta/Auth0 identity merger from a practitioner’s perspective, and share the learnings, the challenges, and the recommendations for other practitioners tasked with merging the IAM programs within smaller, high-growth companies.
Today's open standards ensure that when a user chooses to login, the user’s authentication is protected and only delivered to the mobile app that initiated the authentication. However, how does the Authorization Server identify or verify the invoking app? This talk will look at the potential for mobile app impersonation and mechanisms available to protect against these attacks.
Many companies are engaging in remote onboarding and need to adopt new methods of identity verification that can be done digitally. While new forms of ID verification are most prevalent today with Financial Services as a means of performing Know-Your-Customer regulations, there is nascent adoption across other industry verticals. In this session, the speakers will demonstrate an open standard based approach to ID verification based on verifiable credentials and decentralized identifiers for remote onboarding across industries. With this new approach users can verify their identity once and use their credentials with any organization. Enterprises can leverage this simpler cost-saving approach to remotely onboard employees, partners and customers compliantly while respecting the end users’ privacy.
SSI and Verifiable Credentials are the latest development in identity management. They offer many benefits over existing federated identity management systems. Unfortunately some proponents of SSI are mandating that companies implement decentralised identifiers (DIDs) and blockchains in order to benefit from SSI. This is not necessary. In fact the W3C Verifiable Credentials Data Model Recommendation makes it clear that DIDs are not needed for verifiable credentials, and vice versa. DIDs and blockchains are something of a ball and chain around the legs of companies that want to benefit from SSI when leveraging their existing web based security infrastructures. This keynote talk will describe how it is possible to build standards compliant, high performance, user friendly SSI systems using the World Wide Web, Transport Layer Security, JSON Web Tokens, Web Authentication and X.509 public key certificates, allowing them to experience all the benefits of SSI without the ball and chain impediments of DIDs and blockchains.
* the benefits of SSI over existing identity management systems
* the downsides of DIDs and blockchains
* the upsides of using existing World Wide Web infrastructure to build your SSI solution
Learn how businesses are using verifiable credentials, decentralized orchestration and blockchain identity to reduce fraud, increase privacy and improve user experience. See real-world examples of production ready solutions from one state’s Department of Education and other public sector organizations. Learn how biometrics, proofing, KYC and other MFA services link with verifiable credentials through decentralized orchestration. See how paper-based documents like diplomas, academic transcripts and citizen identity are being replaced with verifiable credentials that reduce cost, increase security and privacy preservation. Learn how Ping Identity and other sources can issue and verify blockchain based verifiable credentials.
HTTP is an amazingly powerful protocol, and it's the lifeblood of the internet today. On the surface, it seems to be a simple protocol: send a request to a server and get back a response, and everything's structured in useful ways. HTTPS adds the TLS protocol to secure the connections between endpoints, protecting the messages with encryption and keeping them away from attackers' eyes. But what if you want to be sure the sender is the right sender, and what you see is what they sent? What if you've got a more complex deployment, with proxies and gateways in between your endpoints that mess with the contents of the message? What if you need assurances on the response as well as the request, and to tie them together? People have been trying to sign HTTP messages in various ways for a long time, but only recently has the HTTP Working Group picked up the problem. Come hear about the HTTP Message Signatures work from the draft specification's authors and see how it works, how to apply it, and talk about how it could change how we use the web.
The Kantara Initiative is developing a standard and requirements so that organizations can demonstrate to their stakeholders that their commitments to privacy and data protection go beyond transactional and technical trust. At the end of the day people trust, or don't trust, organizations - not the technologies that the organizations use. This session will provide you with an up-to-date report on the development of these standards and requirements and also provide you with an opportunity to provide input into their development.
Again and again, I am asked how one can start with the topic of security in an agile project environment. What are the essential first steps, and what should you focus on at the beginning? Of course, this raises the question of suitable methodologies and tools. At the same time, the strategic orientation of the company must be included in this security strategy. We have also learned in the recent past that attacks like the “Solarwinds Hack” are becoming more and more sophisticated and that the attackers now focus on the entire value chain. What tools are there, and where should they be used? How can I start tomorrow to prepare myself for the future against the challenges of cyber attacks? And that’s exactly what you will get an answer to here.
In this session, we will answer a question that everyone is asking: "Can we really get rid of Active Directory in the cloud era?".
In the conversations with many CISOs and CTOs, the future of Active Directory was constantly being questioned and we could see a lot of confusion about what strategy to take. Active Directory is currently experienced as a huge pain in most organizations and they all dream of being able to eliminate this classic entry point for Malware and Ransomware within their IT ecosystem.
In this session we will have a look at traditional corporate directory systems and discuss whether, how and where they will survive a cloud-first strategy.
The identity r/evolution is ongoing. For a while it seemed that not much has changed since Kim Cameron spearheaded the discussion about “The Laws of identity”. New technologies like Privacy-ABC based on ZKP were ready to provide the user with control over how much personal data he wants to disclose, while promising, commercial solutions were neither accepted by the market nor solving the problem of reliability of transactions exhaustively. Today, the new decentralized digital identity model of Self-Sovereign Identity, utilizing verifiable credentials and Decentralized Identifiers, is giving new hope of finding sustainable solutions. This session will map out the main questions around privacy within this context:
David will talk about a new technology that allows the person owning a public key to prove that they have memorized a passphrase, from which they could at any time easily compute the private key.
One example use is for votexx.org elections, which are conducted remotely without polling places. The ballot-casting in such elections is done by a signature that is publicly verifiable as corresponding to a particular public key posted in advance by the election authority. The voter registration authority would require a proof that the voter knows the corresponding passphrase and hence ensures that the voter has irrevocable access to the private key corresponding to the posted public key. This lets the voter give all of their keys (in an extreme case) to a vote buyer and/or coercer – while the voter is never able to give up knowledge of the passphrase and the ability that it confers to secretly cancel any vote made with the corresponding private key. This is just one example David will feature in his presentation.
Customer Identity & Access Management (CIAM) has made us learn about reducing friction in the way customers access and consume our services, and to add value to the relationship. It is time now to apply CIAM learnings to workforce identity.
Two decades of digital transformation and cloud migration have been slowly eroding the traditional network perimeter and with the past two years of transition to more remote work, the walls have come tumbling down. Privileged credentials from access tools (like VPN and RDP) that have been left on endpoints are a valuable target for attack. SAAS applications and Cloud access further expand the proliferation of potentially exposed identities. Once an attacker establishes initial access it becomes trivial for lateral attack movement to take control over critical systems or the entire network. The network perimeter is obsolete. Identity is the new perimeter. Organizations must discover, mitigate and protect their identity risks.
For the last 30 years virtually every company, agency and organization has been forced to accept the risks associated with identity management and control for third parties and all the other identities that are not directly addressed by today's workforce or customer access management solutions. The universe of "all other identities" is enormous, numbering in the billions and maybe even the trillions of distinct and unique identities. In the absence of solutions and processes to actively manage and control the identities of contractors, service providers, agencies, franchisees and all the possible variations of people, devices and entities that your organization interacts with, accepting risk but not being able to mitigate it has been the normal course of business. It is past time that these risks are acknowledged, addressed, and mitigated. Richard Bird explains the current state of third and n-th party identity risk, how to recognize it and what to do about it in this presentation on a new frontier in security and risk.
When dealing with digital identity, emphasis is often put on the identification and authentication part. An equally important aspect is digital signing (or more broadly: electronic signing). Qualified electronic signatures have the same legal status as handwritten signatures in the EU. In this session, we shall look at the advantages and challenges that come with them from a Nordic-Baltic perspective. What is their role today and in the future; both independently, and in connection with the upcoming eIDAS2-wallet? Concrete use cases will be demonstrated from the point of view of the citizen, the public sector and businesses.
This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes "native" experience.
The journey has not been without challenges, where the platform team has managed technical and functional requirements including an access model in an enterprise environment, user expectations of cloud native infrastructure usage, and issues with excessive API load, shared resources, as well as controllers written by the team and open sourced along the way.
OPA is a fast rising star in the Authz market. In this deep dive we will cover lessons learned and best practice from early adopters on how to deploy OPA at scale and in production. How can you ensure consistent policies? How do you test and life cycle policies? How do you connect with external data sources?
The third iteration of the Web, Web 3, aims to put more control over web content in users’ hands. It promises to be built on blockchain, eliminating all big intermediaries, including centralized governing bodies. The vision for a Web3 world is for people to control their own data and be able to bounce around from social media to email to shopping using a single personalized account, creating a public record on the blockchain of all of that activity. What does this mean from an identity management point of view? We will explore some important questions that should be addressed as the future of the internet unfolds, including the impact that limited oversight in crypto currency will have, including poor authentication; the role of decentralized identities and private key management; and finally, the privacy aspects of having transaction data on the blockchain and what that means for attackers that can potentially compile new identities or further identity theft as we know it today. Whether it is Web3 or beyond, these issues will be critical to build trust on the internet of the future.
Traditional identity and access management solutions have so far been built on trust in selected identity providers and their adoption by an ecosystem of identity owners and identity verifiers. The decentralized identity paradigm is disrupting these ecosystems and requires more democratic collaboration and competition among a number of identity and credential issuers, identity owners, and verifiers selecting and using them. This requires not only designing and implementing new technologies but also identifying new business opportunities and business models. Collaboration, experimentation, and evaluation are the road to adoption, and the EU collaborative H2020 research and innovation framework offers the opportunity to de-risk such collaborations, in favor of innovation.
Many decentralized identity infrastructures and ecosystems around the world are emerging, but how can we get to true global interoperability, where my digital identity works seamlessly across borders and across different use cases?
Two of the most prominent initiatives in the digital identity space right now are 1. the digital Permanent Resident Card use case supported by the U.S. Department of Homeland Security, and 2. the European Blockchain Service Infrastructure (EBSI) with its various pilot projects.
In this talk, we will look at the "Transatlantic SSI Interop" experiment conducted by an EU company (Danube Tech) and a US company (Digital Bazaar) that shows how such different initiatives can connect and interoperate.
The disruptive changes in the SSI paradigm will not be effortlessly adopted by the industry worldwide without technological enablers. Indeed, before transitioning to a fully decentralized ecosystem, standard enterprise IAM solutions and canonical IGA disciplines will need to adapt and integrate verifiable credentials. This talk will explore the hybrid decentralization paradigm, offering pointers and insights into the uncontestable evolutionary needs of enterprises. After all, industry IAM solutions must evolve to include VC issuing and verification capabilities to fully embrace the trustless trust paradigm while retaining complete control of authorization flows.
Web 3 businesses are gaining traction. Data and metrics around customers and markets show growing usage, early adoption and huge growth potential. Currently, these businesses built on decentralized networks are separate from traditional web 2 platforms. Will the 2 paths converge? Will there be a bridge from web2 to web3 and how might that hybrid work? A few use cases will be discussed with points of view around how this convergence could work.
Our headlines and podcasts are filled with the promise of web3. Positioned as a digital utopia that will foster and reward creativity whilst righting the wrongs of data equity. This new world, fusing our physical and digital – will be more immersive, collaborative and experiential than any technology we have known. However, along with the opportunities, it is already presenting new security, identity and privacy threats.
This presentation will explore where we are on the road to the omniverse. Both the opportunities to strengthen digital rights and decentralise identity, along with the very real threats that exploit digital trust. Understanding the weaknesses provides a window into the next wave of identity and security innovation.
A look at how 5 of Canada’s biggest financial institutions have tackled the challenge of Privileged Access Management. Sharing similar requirements, all went down paths of successful deployments of technologies to protect their clients and workforce while providing a more efficient user experience for day-to-day activities. A look at the 5 common steps to success.
Securing access to data and applications has become a cornerstone of any modern cybersecurity strategy.
In the IAM market, user access governance projects have a history of incurring multi-year roll-outs and requiring specialized personnel, making many companies shy away and bear excessive cyber risk.
In this space, Elimity tries to break the status quo. As an innovator, Elimity provides a data-driven platform that specifically offers the essentials for user access governance: automated data collection, holistic risk analytics and user-friendly access reviews integrated with ITSM. As a result, the platform lets companies achieve mature access governance in a matter of days, not months.
In this session, Maarten will give an overview of the essentials of user access governance, showcase the Elimity platform and how it is successfully applied in practice.
As customer identity programs mature, they bring new opportunities and risks. In the rush to launch new customer experiences, personal data is over-exposed and over-replicated. The default is to ship all identity attributes, to all systems, on every request in order to make access decisioning easier for application developers.
This approach disperses identity information across the application stack, which increases risks of data breach, data loss, and compromised identities. As a result, consumers lose trust and new business opportunities falter; or worse, customers like the new experience, but its success creates security and compliance liabilities that expand exponentially. To remediate the risk, data teams enter a never-ending cycle of costly data analysis and audits.
Identity architects and developers need to address privacy requirements earlier - not in post-collection data management, but instead in the application development process. While Privacy by Design and Privacy by Default principles are a helpful framework, they offer little practical guidance for developers to actually build privacy-preserving applications.
We will discuss how to use identity data at run-time, in the context of the application; how to retrofit existing applications with privacy requirements; and how to easily evolve applications over time.
It is well known that women face various challenges when working in the IT industry. These challenges lead to the fact that only about 20% of employees in IT are women. The situation in security and identity is even worse, as some studies have shown. "Women in Identity" is a global organization whose mission is to develop solutions with diverse teams. This presentation will look at the various WID initiatives on a global and local level that support women in the industry and create solutions “for everyone built by everyone”.
The concept of the digital twin comes originally from the Industry 4.0 domain with the idea of having a digital representation of real-life objects or processes. The representation of the digital twin consists of the physical object, the virtual product, and the connections between those. Data and its flow form the connection. Only recently has this concept been applied to people as well. While this concept is very promising for design or optimization scenarios, data is at the center of it, so missing overall data governance and security might be the next challenge, potentially leading to misbehavior of the digital twin.
Self-sovereign identity (SSI) has reached the in-between stage: more than a concept, not yet fully deployed. This is where the work can get the most gruesome and exhausting, but also the most creative and rewarding. While the dedicated W3C standards are reaching maturity levels, we see regulators and government actors jump on board and ask for even more stability across specifications and standards in order to establish real world systems. In fact, we see large pilot projects and implementation programs worldwide. One promising but equally critical development is the eIDAS 2 regulation, promising dependable answers to questions about governance and trust frameworks that will drive adoption. This short deep dive will give you an orientation of the state of play for SSI in the context of these greater developments – and might provide an outlook for your projects as well.
Resilience is defined as the dynamic process of encompassing positive adaptation within the context of adversity. Organizations today are under constant siege from any number of security threats. The only path to weathering this ongoing storm is to learn to intelligently adapt through the understanding of identity and the application of Zero Trust. In this presentation, we will illustrate how, by applying greater identity assurance and least privilege principles, organizations can dramatically improve their overall cyber resilience.
This session is a continuation of the opening keynote by Martin Kuppinger on the future Composable Enterprise. Together we take a look at what powers the composable enterprise and which concepts and technologies can contribute to building a composable enterprise.
KuppingerCole proposes an engine that powers composable enterprises, made up of composable services, identities, and data. Since this journey towards becoming composable is intensely individual based on business goals and requirements, there are countless ways of cultivating this modular trifecta. Therefore, this session identifies some of the building blocks that organizations use to cultivate interchangeability and agility to achieve their continually shifting business goals. These building blocks are modular themselves, allowing organizations to exercise different aspects to power composability.
In this talk John will present one way of modelling the potential value propositions for the parties (people and organisations) in decentralised identity models. Using real world examples of products and systems, he’ll use the model to consider their value propositions, and whether we need a “value exchange” ecosystem to enable the decentralised identity market to thrive.
Along the way the talk will consider the risk of false prophets and fake profits, where the residual value will remain, as well as why (in John’s opinion) decentralised identity is following the story arc of “gradually, then suddenly” (E. Hemingway, The Sun Also Rises).
Decentralized identity is an incredibly flexible technology that solves fundamental problems in the way we manage digital communication. But this capacity to do more than one thing at once can be a source of confusion: How do I actually build a decentralized or self-sovereign identity solution today? How do I put all the components together? In this session we use the framework of a Trusted Data Ecosystem to show how you can use decentralized identifiers, software agents, verifiable credentials, and the supporting infrastructure to verify data without having to check in with the source of data. We show how we used Trusted Data Ecosystems to deliver solutions to financial services, healthcare, and travel to global enterprises—and we give you a preview of what the next steps are for these technologies.
As digital business pushes organizations towards an accelerated multi-cloud adoption, CIEM (Cloud Infrastructure Entitlements Management) emerges as a strong enabler for securing access and entitlements across an increasingly distributed cloud environment. Traditional PAM and IGA tools aren't natively designed to manage cloud infrastructure entitlements and therefore can't be easily re-purposed to discover and remediate excessive cloud permissions across multiple IaaS and PaaS platforms. The confusion arising from un-identically structured CSPs and misaligned cloud terminology is further aggravated by the quest of IAM, PAM and Cloud Security providers to enter CIEM space and capture market share.
In this session, we will focus on how the CIEM market has been evolving over the last few years to manage the critical cloud security gaps left unaddressed by CSPM (Cloud Security Posture Management) and CWP (Cloud Workload Protection) tools, and how CIEM complements these tools to offer a holistic cloud security advantage. We will also discuss how CIEM addresses some of the most critical security tenets of your organization's cloud adoption program and future planning.
As for the key takeaways of this session, you will be able to understand and articulate:
With a highly prioritized digital transformation towards a composable enterprise, it will be inevitable to work with multi-cloud solutions to achieve the level of agility and flexibility required. Whether the goal is to avoid vendor lock-in or to consistently go for best-of-breed solutions, in this cloud expert panel we will discuss approaches to manage multi-clouds efficiently and to avoid increased complexity.
Accidentally wrong or intentionally bad configuration changes performed by administrators, scripts or systems can lead to serious security vulnerabilities or unintentional visibility or leakage of data. This applies to on-premises systems, but especially to systems and applications in cloud environments.
With comprehensive change auditing and reporting in hybrid environments, such critical changes and conditions can be quickly identified and remediated.
This session will deal with this topic in general and with a solution approach in particular.
After his presentation on Strategic and Tactical approaches for Zero Trust, in this presentation Fabrizio will break down the components of a Zero Trust implementation and highlight what a company needs to implement it. Fabrizio will also cover use cases like legacy or cloud-based applications.
The internet was designed without a trusted identity layer to connect physical entities to the digital world. This layer is now emerging in the form of decentralized digital identity systems (aka self-sovereign identity or “SSI”) based on digital wallets and digital credentials. What industry insiders have long demanded is becoming reality. This is bringing challenges to the forefront including resistance of the identity establishment and major questions about interoperability between emerging and existing identity systems.
The Trust over IP Foundation was founded by a pan-industry group of leading organizations with a mission to provide a robust, common standard and complete architecture for internet-scale digital trust. In this session, leaders in digital identity from the ToIP Steering Committee will outline the impact this missing layer has had on digitization of trusted interactions, why technology alone won’t solve this and how the ToIP stack is designed to tackle both technology and human governance to bring open and interoperable standards at each layer of the trust architecture. This interactive panel will be moderated by ToIP’s Director of Strategic Engagement and will explore the views of its member organizations for a lively and engaging debate on how we finally establish trust in the digital age.
Russia’s invasion of Ukraine has tectonic consequences for citizens and businesses across the world. An expectation of normalcy post the pandemic has been replaced with fears of increased gas prices and supply chain disruptions. Attackers are expected to leverage the context to carry out advanced cybercrime intrusions, leaving businesses susceptible to attacks that could have potential second and third-order effects on their operations. A cyber problem immediately becomes a business problem that requires effective business continuity contingency plans built around defensible, risk-informed choices.
In this panel session, you’ll hear from security leaders who will provide a pragmatic assessment of organizational dependencies to improve your odds of identifying and mitigating cyber attacks, while addressing the increasingly challenging risk environment organizations find themselves in.
The world of modern urban mobility is full of - unused - opportunities. To get to their destination, people can use public transportation, take a cab or rent an e-scooter. But many options also means many providers. Anyone who uses more than one of the aforementioned forms of transportation to get from A to B will inevitably be confronted with a fragmentation of their journey. This is anything but smooth and user-friendly. A simple example makes this particularly clear: If Erika Mustermann has to go to London for a business meeting, she first takes the suburban train to the airport, then gets on a plane, and then has a cab take her to the hotel. That's three different booking processes with three different mobility providers. Decentralized technologies, on the other hand, enable a new kind of efficiency and effectiveness in the back-end networking of different providers. But how can such a seamless customer journey be implemented so that both mobility service providers and customers benefit equally? Sophia Rödiger, CEO of bloXmove, is happy to tackle this challenge in a talk on IT Trans. In doing so, she explores the question of how, for example, the individual players in local public transport can cooperate with each other while remaining independent and what role blockchain technology plays in this. She also explains how providers can save resources through the decentralized concept while gaining more customers. In addition, she puts a special focus on how the cooperation between the public and private sectors can be changed by the approach in the long term.
CIEM adopts a zero trust approach to Identity and Access Management (IAM) for cloud infrastructures, making access risks visible and avoidable. In this panel session
The concepts behind Zero Trust and SASE are not new, but recent developments in technological capabilities, changes in the way people are working, accelerated adoption of cloud and Edge computing, and the continued evolution of cyberthreats have resulted in both rising in prominence.
As organizations seek to improve their security capabilities, many are evaluating Zero Trust and SASE to determine whether to adopt either, one, or both. Join this session to understand what each can potentially deliver and the exact nature of the relationship between them.
“It’s about the journey, not the destination,” they said. “It’s basically just Don’t Trust But Check, what’s the real difference?” they said. “What’s the big deal?” they said.
Zero trust has been the panacea to everyone’s security problems, for a really long time now, and yet we are still talking about it, and not just doing it. It’s no surprise that there is a certain level of cynicism then that zero trust was all marketing and no trousers.
If 2021 brought us anything though, it was finally some clarity that zero trust really does have a role to play in the enterprise, just not by itself. Various vendors and enterprises have finally conceded that while it is important, it is just one part of the puzzle to help organisations manage their ever changing, digitally transformed, hybrid working, flexible, work from home environments.
Everything changed with zero trust, and now it is actually helping us to change again. In this talk, learn:
Where zero trust came from, and where it is now
What the new working paradigm means for CISOs…
… and how zero trust environments and working models can help, not hinder, even without a final destination
Two years ago, Siemens started a still-ongoing process to change its security architecture to Zero Trust. Not an easy task for a company that big, widespread, and diverse in products.
In this session program leads Thomas Müller-Lynch and Peter Stoll are talking about what they mean when talking about Zero Trust at Siemens, what everyone can learn from the approach Siemens is taking, and what they are planning as their next steps.
Continued advances in authentication technology have made the "identity" part of "identity and access management" more manageable over the years. Access management, on the other hand, is still very much a "wild-west" landscape. As enterprises move to a zero-trust network access model, access management is the only way in which attackers can be prevented from gaining unwarranted access to enterprise data. Attackers can include both malicious insiders and those using compromised identities. Numerous organizations have suffered significant financial damage as a result of such unwarranted access from legitimately identified users.
Authorization rules in an enterprise can apply to many types of assets: files on a network drive, cloud resources such as virtual machines and storage buckets, and enterprise applications and actions within them. Managing authorization across all these assets is complex in and of itself. Most enterprises also use third-party “Software as a Service” platforms that maintain their own permissions, further complicating enterprises’ efforts to effectively manage authorization.
This talk identifies common causes of "privilege sprawl" in enterprises, and discusses management techniques that can result in "least privilege" permissions to personnel while ensuring no business disruption.
Zero-trust security relies heavily on the ability for independently owned and operated services to dynamically adjust users’ account and access parameters. These adjustments are based on related changes at other network services, such as identity providers, device management services or others. A set of standards from the OpenID Foundation enable independent services to provide and obtain such dynamic information in order to better protect organizations that rely on zero-trust network access. These standards are being used today in some of the largest cloud-based services from Microsoft and Google to dynamically adjust users’ account and access properties.
This talk gets into the details of the Shared Signals and Events (SSE) Framework, which is the foundational standard for secure webhooks. We also explain two standards based on the SSE Framework: The Continuous Access Evaluation Profile (CAEP), which provides dynamic session information, and the Risk Information and Account Compromise (RISC) Profile, which provides account compromise information.
Attacks on identity and privileged access pathways are relentless, with the stakes of a cyber-breach never higher. Securing privileged identity within your organisation has never been more important as it is the foundation of a successful Zero Trust implementation. Zero Trust is built on foundations that are essential across your cybersecurity strategy, delivering greater value from existing cyber investments. In this session, we will outline:
Organizations with an advanced cloud migration program have hit a roadblock. To successfully navigate the adoption of compartmentalized code, in order to reap the benefits of improved agility and reduced costs, the CISO must embrace automated deployment and gain control over APIs.
With over 120 million downloads, and users like Netflix, Zalando and GS, the open source project Open Policy Agent has quickly become the de facto standard for Authorization. In this session, KuppingerCole's Alejandro Leal will discuss with Jeff Broberg, Gustaf Kaijser and Ward Duchamps the most common use cases where OPA is adopted.
During this best practice session we will present you with hands-on experience from one of our financial services industry customers.
The company used a handcrafted XML signature mechanism to authenticate their business partners when initiating machine-to-machine communication to exchange data between data centers. When the customer decided to migrate to REST APIs in a cloud native setup, the existing mechanism was no longer fit for purpose. Together, we designed a solution to keep the benefits of certificate-based authentication while establishing an interaction model conforming to the OpenID Connect standard. We implemented the mechanism based on the open source software Keycloak, successfully passed an external penetration test and have to this point authenticated hundreds of thousands of sessions. After our session, attendees will
Most OAuth deployments today use bearer tokens – tokens that can be used by anyone in possession of a copy of them, with no way to distinguish between legitimate uses of them and those that stole them and used them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies cryptographic material to the issuer that is bound to the token, enabling it to cryptographically prove that the token belongs to it – something attackers cannot do because they don’t possess the proof-of-possession cryptographic material.
The OAuth DPoP (Demonstration of Proof of Possession) specification defines a simple-to-implement means of applying proof of possession to OAuth access tokens and refresh tokens. We will describe real attacks occurring every day against bearer tokens and how they are mitigated by DPoP, providing defense in depth and making real deployed systems substantially more secure with minimal implementation and complexity costs.
These attacks and mitigations are particularly relevant to high-value enterprise deployments, such as in the financial, manufacturing, critical infrastructure, and government sectors.
What is this new beast, the widespread technology that is going to be used everywhere from banking to the metaverse, from travel to healthcare? The technology that has no limits in its application across sectors is equally welcome in centralised and decentralised worlds. Meet self-sovereign identity (SSI).
Mobility-as-a-service is changing the way people move. From mobility based on driving your own car, it is converging to the consuming of various services using multiple modes of transportation. Ranging from eScooters, bicycles, ride-sharing to car-sharing, ride-hailing and public transport.
Portable, verifiable and, most importantly, reusable representations of personal data can enable high-touch, high-trust and low-cost engagement between customers and networks of complementary service providers. The EU is already adjusting to the opportunities of Self-Sovereign Identity, but the private sector needs to demonstrate more high-value use cases in order to force beneficiary regulations and an enabling environment for the technology. The tools and techniques of Self-Sovereign Identity (SSI), including the no-code capabilities provided by ProofSpace, can be used to create trust networks within an organization’s existing technical infrastructure in order, for example, to verify that a credential shared by a customer was issued by a trusted partner. A valuable use case for this is re-usable Know Your Customer verification. Other high-value use cases for SSI trust networks include: networks of affiliated hospitality services referring and on-boarding customers; networks of educational institutions verifying academic credentials; networks of employers verifying employment histories; and web 3.0 and DAO communities verifying member reputation and voting rights for management and governance purposes. A brilliant case study for this is ProofSpace’s work with the pro-democracy opposition of Belarus, where Self-Sovereign Identity enables a decentralized and secure “virtual country”, offering private and public services to unite, serve and empower the pro-democracy community.
This is a new development in the world and touches on mDL, Verifiable Credentials, decentralized identity, and personal data topics. A forward-looking presentation about what the world might look like, the foundational changes represented by this change, and some current and potential innovations that are now possible because of this.
As an incubator for innovation in air travel, Aruba has chosen to use verifiable digital credentials to manage entry requirements and health testing for travel to the island. This decentralized, open-source technology, which provides secure authentication while preserving traveler privacy, was developed by SITA and Indicio.tech and donated to Linux Foundation Public Health as Cardea. In this session, representatives from Aruba’s government, Indicio, and SITA will discuss why they chose a decentralized approach, how they created a trusted data ecosystem, and why the ability to verify personal data without having to check in with the source of that data will transform air travel, healthcare, and tourism.
Drone operations are estimated to bring €10bn/yr to the EU economy by 2035. A critical e-Government issue is the ability to fly drones in regulated airspace around airports. Unauthorised drone operations in the flightpath of passenger aircraft can endanger lives and cause huge financial loss for airport operators. Heathrow Airport has invested >£10M in security systems to track and destroy unauthorised drones. Digitising the entire drone flight approvals process will involve many steps, but the major one we are addressing is verifying pilot training credentials. SSI could radically improve this currently cumbersome and low-trust process. In an Innovate-UK grant funded project (Fly2Plan), we developed an SSI PoC for a drone pilot training company to issue training certificates as verifiable credentials to drone pilots, which can be verified by Heathrow Airport. In this talk we present our learnings and future work.
The presentation to be made by Stéphane Mouy (SGM Consulting - France) and Michael Adams (Quali-Sign - UK) will focus on the forthcoming eIDAS 2.0 digital identity wallets (DIWs) and the payment use case. DIWs will allow users to share high LoA identity and status credentials to various relying parties, including financial institutions, as well as meet applicable strong customer authentication requirements for payments.
The payment use case is of critical importance to eIDAS 2.0 digital identity wallets and promises to be transformational for EU payment service providers as it offers a level-playing field for payment means, whether account-to-account or card based. DIWs are also likely to play a key role for the deployment of CBDCs supporting offline interactions with embedded AML/CFT verifications.
The presentation will draw on the work of the eWallet Network presented in the report “Developing a digital identity solution for use by the financial sector based around eIDAS trust services”, published by the EU Commission in October 2021 and authored by Stéphane Mouy. It will include a live presentation of an eIDAS 2.0/ISO 23220-1 digital identity wallet offering online/offline connectivity that can be used in a variety of contexts, including for payment authorisation purposes.
The session should be of interest to anyone interested in eIDAS 2.0 developments for digital identities as well as its regulatory implications for the financial sector but also to digital payment experts. A specific focus will be made on the offline connectivity requirement for DIWs that has clear technology implications.
Times are challenging, probably more than during the last few decades, with a pandemic that seems to be never ending, home office workers who don't want to return, some frightening growth rates on the dark side of digital with ransomware everywhere and nation-state intellectual property theft on a broad level. We therefore have to update and modernize our identity & access programs to meet those new challenges and enable an agile & composable business. Identity proofing through global identity networks, risk mitigation of a workforce that remains at the home office, and all that within an increasingly complex multi-cloud & hybrid infrastructure.
In this session Martin Kuppinger will provide you with predictions on how IAM will evolve over the years to come and which role decentralized technologies will play.
Identity Fabrics as a concept has established itself as a common paradigm for defining and implementing the identity services needed by organizations to provide seamless, yet secure and controlled access of everyone and everything to every type of service, regardless of whether it's legacy or shiny & bright SaaS, and regardless of where it runs. Identity Fabrics support the shift-left in IAM thinking from only managing applications to providing a consistent set of identity services for the developers of digital services. Identity Fabrics deliver the integration and control plane required for a modern IAM.
In this panel, the panelists will discuss where Identity Fabrics stand today, how they are implemented in practice, and what to consider for prioritizing services, for picking the right technologies, and for operations, as well as for building an Identity API layer and integrating back to the legacy.
They also will look at whether and where specific variants are needed, such as Consumer Identity Fabrics looking at the CIAM and CDP (Customer Data Platform) use cases.
Digital identities of consumers, customers, business partners, employees, but also devices, things, or services are at the core of the digital business. Unfortunately, most digital identities reside in siloes. Building a modern Identity Fabric that delivers seamless yet secure and controlled access from everyone and everything to every service requires breaking down the legacy identity siloes, and building a modern, flexible, identity data foundation.
As organizations are recovering from the pandemic, many of them embark on a digital transformation at high-speed. Investments to drive online business, powered by customer insights and an attractive user experience, yet secure and compliant to rules and regulations, have never been bigger.
NN, an international financial services firm with over 15,000 employees, is changing from a traditional insurance firm into a modern and online financial services firm that focuses on frequent and valuable customer interactions. NN is providing these online services across multiple channels in a secure and compliant manner while offering its customers an outstanding user experience. For this NN has implemented a robust innovative IAM platform that entails key functions like identification, verification, authentication and authorization, fit for the dynamics of the financial industry.
Join Ronald van der Rest & Bas Kerpel, who lead NN's IAM Platform Teams, as they explain how powerful Customer Identity & Access Management can be, when you are transforming your organization to become successful in doing business online. Ronald and Bas will share relevant insights into NN's IAM Platform and will touch especially on its identity orchestration capabilities.
In today's unpredictable business environment where change is the norm, it has become critical to have a manageable and scalable Identity & Access Management program in place. In this Best Practice Presentation, Leonardo Morales will talk about the challenges and his learnings from implementing state-of-the-art IAM at Siemens AG, and what the next steps will be.
Password-related attacks increased by a staggering 450% in 2020, with over 1.48 billion records breached worldwide. Meanwhile, the average cost of a password reset exceeds $50 USD. We all know that passwords fail to deliver adequate Zero-Trust security and cause unnecessary friction for both customers and the workforce. So why have passwords not receded into the background? What are the key challenges facing enterprise passwordless agendas? And how can modern identity and access management help us realise a blueprint for a passwordless reality?
There are so many ways enterprises could benefit from using Multi-Factor Authentication (MFA). Benefits include identity theft prevention, secure devices, lower breach risks, to name just a few. But why are so many businesses still not using MFA? Perhaps because it is too complex and time-consuming for IT departments? In this panel, our security leaders will try to clear up any misconceptions there seem to be about implementing MFA in the enterprise.
The FIDO Alliance has made tremendous strides in its mission to change the nature of authentication with stronger, simpler and passwordless authentication. Join this session to find out the state of passwordless authentication from the FIDO lens, including a sneak peek at major news that will – finally – make passwordless FIDO authentication available to the masses.
The “zero trust” approach to cybersecurity has been gaining momentum in recent years, as both corporations and government agencies have struggled with how to enhance security given the de-emphasis on the network perimeter. For the most part, the zero trust movement has remained rooted in network principles. However, in the last two years, much of the world was forced to interact exclusively online, creating a sense of urgency around zero trust security, and the “never trust, always verify” philosophy behind it reached a new level of importance.
In this panel, you’ll hear from security leaders who have approached and implemented zero trust with an identity-first philosophy, considering it a transformative way of reducing friction for users, while addressing the increasingly challenging risk environment. They believe a true zero trust environment requires a strong identity and access management framework.
Goal of this Deep Dive: Listeners will leave with a solid understanding of
Main Contents / Flow:
The future of the enterprise is changing. In the Digital Age, much is different than it has been in the past. The focus must be on agility in business models and delivery, innovation, and reliability in delivering to the customers. This requires a shift in focus, in all areas, including IT. IT must focus on enabling the business to deliver digital services that stand out from the competition, with leading-edge customer experience. IT must be able to adapt to change in competition as well as in technology, and to support the continuous innovation of businesses in the digital age. It must focus on what makes a business different from others. Thus, IT must focus way more on innovation than on just delivering standard IT services off the shelf. However, IT must ensure that this is safe, secure, reliable, available – the new IT as well as the old IT. Cybersecurity and Identity today are at the forefront of the digital business, with Identity as an enabler and Cybersecurity as the foundation for secure delivery.
With the demand for agility and innovation in IT, and the focus on differentiating from others instead of reinventing baseline IT that is available off the shelf, the themes of “decentralization” and decentralized technologies (as in Blockchain and Distributed Ledger Technologies), and of “composable” (as in orchestration, APIs, business processes, etc.) move into focus. This keynote will look at how to utilize identity, security, and decentralized technologies for the composable enterprise and for differentiation from competition in the digital business. Done right, technology enables enterprises to stay ahead of the competition, without failing in security.
As the pace of digitalization gathers momentum, organizations are witnessing a dramatic increase in the number of digital identities. These identities interact with systems and applications relentlessly to perform day-to-day IT tasks. Nevertheless, maintaining the privacy of this data is a daunting task. Enterprise data is hosted in multi-tenant cloud, managed service providers and distributed data center environments. How an organization can maintain data privacy in these evolving IT access control use cases depends on its level of preparedness to protect and monitor those digital identities. An identity and access management solution provides adequate safeguards to enforce IT practices necessary to maintain data privacy.
Facial recognition technology is evolving rapidly, presenting the benefits and dangers that innovation always does. Will it provide reliable biometric authentication, or will it erode personal privacy?
We’ll examine the current landscape from both a policy and a technical perspective, and discuss the responsibility of government, enterprise, and individuals in this complicated environment, and review the latest adversarial research that attempts to enhance biometric privacy for individuals.
Organisations that are being targeted by SaaS and B2B companies might struggle when it comes to building a smooth and quick process of authentication for their users. Issues with business needs, such as user organisation within a specific target business, separate branding, access control and SSO are spreading like wildfire. Therefore, some of these processes could overwhelm your IT team with unnecessary burdens, such as building an application entirely from scratch, significantly reducing the time dedicated to the design and improvement of the app itself.
Join us in this hands-on workshop where you will be able to experience firsthand the challenges we have had in the past and how Auth0’s capabilities and features have contributed to creating resilient, secure and exciting B2B applications powered by your IAM system. Learn more about:
Take this chance to meet our Auth0 expert, who will take some time to address your challenges and questions. See you there!
As if it all came together on the foundations of an agile, fully decentralized enterprise, embracing the API economy to deliver results through assembling and combining pre-packaged business capabilities. AI-driven, automated, everything delivered on-demand, providing the best possible user experience, and all that at an unprecedented pace that keeps us ahead of the ever-increasing speed of change: The composable enterprise.
But wait – less than a third of businesses that we at KuppingerCole have asked recently say that they have processes, staff, structures, skills, and cybersecurity implemented in a way that they feel adequately prepared for what analysts may soon call the age of the composable enterprise. In this CISO panel session, we will try to look into the future of Cybersecurity, without losing sight of today's threats and ways to continue building cyber resilience in a time of so many unknowns. Welcome to the EIC 2022 CISO Plenary Panel.
An impactful 73-page proposal for amending the 2014 eIDAS regulation was made in June last year, providing, among other things, EU-wide wallets for national e-IDs. Market consultations and impact assessments were concluded in early 2022, and the European Parliament discussed the proposal with experts answering the questions parliamentarians had, not without raising quite some dust.
The EU Digital ID Proposal is powerful, as it is creating a Pan-European wallet for all member states, trying to stay in line with all existing ID initiatives and legislation. Drs. Jacoba Sieders will give you insight into how she foresees the impact of this EU initiative on businesses across Europe as well as globally.
Privacy is one of the most challenging aspects to protect in identity solutions.
The entities that stand to gain the most from surveilling users can use convenience as a bargaining chip. Users understand and appreciate convenience, but they often don't appreciate the costs of loss of privacy, as the consequences often play out well after the violation occurred.
Identity practitioners often take the need to preserve privacy for granted, and in so doing fail to help users and solution designers understand the concrete impact privacy violations can have on the lives of users. This session will arm you with the concrete scenarios you need to instill in customers and colleagues a new awareness of the real costs privacy violations can have.
The world has changed because of COVID. More fraud is taking place. More misuse of identity is occurring. To combat the rise in fraud and to mitigate risk, the Kantara Initiative offers a 3rd party conformity assessment program.
OpenID Foundation Workshops provide technical insight and influence on current digital identity standards while also enabling a collaborative platform to openly address current trends and market opportunities. The OpenID Foundation Workshop at EIC includes a number of presentations focused on 2022 key initiatives for the Foundation.
Last November, the creator of the 7 Laws of Identity, Digital ID thought leader and focal point of a Global Identity Community, Kim Cameron, passed away. He not only left us with an uncountable number of unforgettable moments. He also left us with those 7 Laws of Identity, a set of fundamental principles that have helped shape modern privacy legislation and which are more relevant today than ever before. In this keynote session, 7 of Kim's friends, colleagues and co-founders will talk about today's relevance of Kim's work. The session will be moderated by Jackson Shaw, who worked with Kim back in the 90s at ZoomIT.